Situation

Plesk Migrator uses package named plesk-py27-paramiko. There was a vulnerability alert on 2018-03-13: [CVE-2018-7750] regarding python-paramiko.

Impact

This flaw is a user authentication bypass in the SSH Server functionality of paramiko (normally used by subclassing paramiko.ServerInterface). Where paramiko is used only for its client-side functionality (e.g. paramiko.SSHClient), the vulnerability is not exposed and thus cannot be exploited.

Plesk Migrator uses Paramiko only as SSH client to connect to the source servers. So the vulnerability cannot be exploited.

Call to Action

No actions are required from Plesk users since Plesk is not vulnerable.